Security Risk Management - The Driving Force for Operational Resilience: The Firefighting Paradox

Seaman, Jim, Gioia, Michael

  • Publisher: CRC
  • Publication date: 2023-08-31
  • Price: $2,200
  • VIP price: $2,090 (95% of list price)
  • Language: English
  • Pages: 274
  • Binding: Quality Paper - also called trade paper
  • ISBN: 103226389X
  • ISBN-13: 9781032263892
  • Related category: Information Security
  • Overseas purchase (checked out separately)

Product description

It is becoming increasingly important for businesses to be Operationally Resilient, and a driving force behind whether an organization can ensure that its valuable business operations can 'Bounce Back' from, or manage to evade, impactful occurrences is its Security Risk Management capabilities.

In this book, we change the perspective on an organization's operational resilience capabilities so that it moves from a reactive (tick box) approach to a proactive one. Every chapter is written with a focus on risk profiles and how your business can reduce them using effective mitigation measures.

The book is divided into two sections:

1. Security Risk Management.

All the components of Security Risk Management contribute to your organization's Operational Resilience capabilities, to help reduce your risks.

Reduce the Probability/Likelihood.

2. Survive to Operate.

In the event that your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly 'Bounce Back'.

Reduce the Severity/Impact.

Rather than looking at this from an Operational Resilience compliance capabilities aspect, we have written these to be agnostic of any specific Operational Resilience Framework (e.g., CERT RMM, ISO 22316, SP 800-160 Vol. 2 Rev. 1, etc.), with the idea of looking at Operational Resilience through a Risk Management lens instead.

This book is not intended to replace these numerous Operational Resilience standards/frameworks but, rather, has been designed to complement them by getting you to appreciate their value in helping to identify and mitigate your Operational Resilience risks.

Unlike the Cyber Security or Information Security domains, Operational Resilience looks at the risks from a business-orientated view, so that anything that might disrupt your essential business operations is risk assessed and appropriate countermeasures are identified and applied.

Consequently, this book is not limited to cyber-attacks or the loss of sensitive data but, instead, looks at things from a holistic business viewpoint.


About the authors

Jim Seaman honed his skills and craft during a 22-year career in the Royal Air Force Police, with the final decade being employed on Counter Intelligence, Computer Security, Counter Terrorism and Risk Management duties. On completion of his 22 years of military service, he sought the new challenge of transferring his specialist skills and knowledge across to the corporate sector. In the decade since transitioning across to the corporate environment, he has fulfilled roles within Payment Card Industry Data Security Standard (PCI DSS) compliance, data protection, information security, industrial systems security and risk management. In the past few years, he has sought to further develop his knowledge and to rise to the challenge of authoring two books, one on the subject of PCI DSS (published May 2020) and the other on Protective Security (published Apr 2021).

Michael Gioia is an information security leader with over 18 years of experience delivering security solutions across several industries. He has served as an officer in the United States Air Force and worked in higher education, the Department of Defense, retail food services, and security consulting. He has performed most of his information security work within higher education, currently as the Chief Information Security Officer (CISO) for Babson College and formerly as the Information Security Officer (ISO) at Eastern Illinois University, Rose-Hulman Institute of Technology, and Bentley University. He holds various professional certifications, including Certified Information Security Manager (CISM) and Certified Data Privacy Solutions Engineer (CDPSE) from ISACA, Certified Information Systems Security Professional (CISSP) from ISC2, GIAC Security Leadership Certification (GSLC) from SANS, and Payment Card Industry Professional (PCIP) from the PCI Security Standards Council.
